Login WordPress Plugins with Most Issues
131 indexed plugins
Plugins
131
Active Installs
6m+
Average Score
55
Audited
131
Most Issues
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more. | 23 | 750 | 1,359 | 60k+ | Non-prefixed global variable | ||
| #2 | Custom Login Page Customizer | 23 | 687 | 1,408 | 90k+ | Non-prefixed global variable | ||
| #3 | Custom Login Page Customizer – Login Designer | 22 | 588 | 1,455 | 30k+ | Non-prefixed global variable | ||
| #4 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | Output is not escaped | ||
| #5 | Admin Tweaks | 24 | 1,507 | 206 | 1k+ | Text Domain Mismatch | ||
| #6 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #7 | Loginizer | 25 | 814 | 504 | 1m+ | Output is not escaped | ||
| #8 | Login With Ajax – Fast Logins, 2FA, Redirects | 23 | 623 | 520 | 10k+ | Output is not escaped | ||
| #9 | Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | 24 | 563 | 548 | 4k+ | Text Domain Mismatch | ||
| #10 | SP Move Login | 26 | 881 | 215 | 6k+ | Text Domain Mismatch | ||
| #11 | WP-Members Membership Plugin | 24 | 669 | 382 | 50k+ | Output is not escaped | ||
| #12 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #13 | Theme My Login | 32 | 251 | 549 | 60k+ | Non-prefixed function | ||
| #14 | Legal Terms and Conditions Popup for User Login and WooCommerce Checkout | 23 | 524 | 237 | 700 | Output is not escaped | ||
| #15 | WPS Bidouille | 28 | 472 | 215 | 10k+ | Output is not escaped | ||
| #16 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #17 | Login Widget With Shortcode | 25 | 335 | 198 | 6k+ | wp function not compatible with requires wp | ||
| #18 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | Input is not sanitized | ||
| #19 | Login & Register Customizer – Popup | Slider | Inline | WooCommerce | 33 | 265 | 230 | 40k+ | Output is not escaped | ||
| #20 | Persistent Login | 37 | 338 | 108 | 6k+ | Unsafe printing function | ||
| #21 | Login with Vipps and MobilePay | 34 | 263 | 174 | 900 | Output is not escaped | ||
| #22 | Easy Upload Files During Checkout | 31 | 220 | 208 | 500 | Unsafe printing function | ||
| #23 | LoginPress | wp-login Custom Login Page Customizer | 55 | 124 | 301 | 200k+ | Non-prefixed function | ||
| #24 | AJAX Login and Registration modal popup + inline form | 28 | 157 | 261 | 3k+ | Output is not escaped | ||
| #25 | wpDirAuth | 32 | 250 | 135 | 600 | wp function not compatible with requires wp | ||
| #26 | WP Ghost (Hide My WP Ghost) – Security & Firewall | 85 | 6 | 373 | 100k+ | Non-prefixed global variable | ||
| #27 | Login Security Solution | 27 | 216 | 154 | 4k+ | Output is not escaped | ||
| #28 | Rename wp-login.php to anything you want | 33 | 251 | 117 | 500 | Output is not escaped | ||
| #29 | Melapress Login Security | 31 | 69 | 278 | 2k+ | Non-prefixed global variable | ||
| #30 | IP Based Login | 35 | 179 | 146 | 600 | Output is not escaped | ||
| #31 | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | 29 | 86 | 233 | 500 | Nonce verification recommended | ||
| #32 | OAuth Single Sign On – SSO (OAuth Client) | 90 | 269 | 36 | 6k+ | wp function not compatible with requires wp | ||
| #33 | Sessions | 33 | 196 | 103 | 900 | Output is not escaped | ||
| #34 | WP fail2ban – Advanced Security | 32 | 75 | 153 | 60k+ | Dynamic hook name | ||
| #35 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped | ||
| #36 | Login for Google Apps | 27 | 139 | 85 | 10k+ | Exception output is not escaped | ||
| #37 | Secure Passkeys | 42 | 146 | 76 | 1k+ | Exception output is not escaped | ||
| #38 | Frontend Reset Password | 35 | 83 | 128 | 10k+ | Text Domain Mismatch | ||
| #39 | Login as User | 36 | 101 | 64 | 30k+ | Output is not escaped | ||
| #40 | Slash Admin | 39 | 116 | 38 | 500 | Output is not escaped | ||
| #41 | Erident Custom Login and Dashboard | 38 | 122 | 28 | 8k+ | Unsafe printing function | ||
| #42 | Autologin Links | 38 | 73 | 74 | 8k+ | Output is not escaped | ||
| #43 | IndieAuth | 34 | 36 | 109 | 400 | Input is not sanitized | ||
| #44 | No CAPTCHA reCAPTCHA | 40 | 112 | 26 | 4k+ | Text Domain Mismatch | ||
| #45 | Personalize Login | 41 | 47 | 84 | 500 | Nonce verification recommended | ||
| #46 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 9k+ | Output is not escaped | ||
| #47 | MS Custom Login | 41 | 117 | 6 | 900 | Unsafe printing function | ||
| #48 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | Request data is not unslashed | ||
| #49 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | Output is not escaped | ||
| #50 | Login-Logout | 35 | 104 | 8 | 3k+ | Output is not escaped |
